The other problem repaired by the patches is a programming logic error in how the bpcd daemon handles incoming system commands. That flaw could allow a remote attacker to append commands to a valid command and potentially run arbitrary code with elevated privileges on the targeted system, according to Symantec. That vulnerability was reported by IBM Internet Security Systems.

Symantec said it has received no reports of any of the vulnerabilities being exploited so far.

"If customers have followed recommended installations of the affected products and have configured their systems accordingly, the likelihood of customer impact is dramatically reduced," Vincent Weafer, senior director of Symantec Security Response, said in a statement e-mailed to Computerworld today. "Now is an ideal time for our customers to apply the fixes Symantec provided, as there are no known exploits of the vulnerabilities."

The vendor issued a TechAlert on the subject with more information on how to update the software. are also available at Symantec's Security Response Web site.